> And the problem appears to be compounded by doofus legacy implementations
> that don't support PFS greater than 1024 bits. This comes from a
> misunderstanding that DH keysizes only need to be half the RSA length.
>
> So to go above 1024 bits PFS we have to either
>
> 1) Wait for all the servers to upgrade (i.e. never do it because they won't
> upgrade)
>
> 2) Introduce a new cipher suite ID for 'yes we really do PFS at 2048 bits
> or above'.
Can the client recover and do something useful when the server has a buggy
(key length limited) implementation? If so, a new cipher suite ID is not
needed, and both clients and servers can upgrade asynchronously, getting
better protection when both sides of a given connection are running the new
code.

In the case of (2) I hope you mean "yes we really do PFS with an unlimited
number of bits". 1025, 2048, as well as 16000 bits should work.

John

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
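A client-side check of the kind discussed above, as an added example that is not part of the thread or of any TLS library: it parses the ServerDHParams block that a TLS 1.2 DHE ServerKeyExchange carries (dh_p, dh_g, dh_Ys, each an opaque<1..2^16-1> per RFC 5246 section 7.4.3) and applies a lower bound on the prime size. The bound is a lower bound only, so 1025, 2048 and 16000-bit groups all pass once the minimum is met; the 2048-bit minimum, the function names and the sample messages are assumptions, and the sample moduli are constructed odd numbers of the stated bit length, not real primes (the check is structural; it does not test primality).

```python
import struct

# Policy assumption for this example: refuse DHE groups smaller than this.
MIN_DH_BITS = 2048


def _encode_opaque(x: int) -> bytes:
    """Encode an integer as TLS opaque<1..2^16-1>: 2-byte big-endian length, then the value."""
    body = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    return struct.pack("!H", len(body)) + body


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build the ServerDHParams struct: dh_p, dh_g, dh_Ys (RFC 5246 7.4.3)."""
    return _encode_opaque(p) + _encode_opaque(g) + _encode_opaque(ys)


def parse_server_dh_params(data: bytes):
    """Parse ServerDHParams into (p, g, Ys); reject truncated input and trailing bytes."""
    off = 0
    values = []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(data):
            raise ValueError(f"truncated before length of {name}")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if n == 0 or off + n > len(data):
            raise ValueError(f"bad length {n} for {name}")
        values.append(int.from_bytes(data[off:off + n], "big"))
        off += n
    if off != len(data):
        raise ValueError("trailing bytes after ServerDHParams")
    return tuple(values)


def check_dh_params(p: int, g: int, ys: int, min_bits: int = MIN_DH_BITS):
    """Return (ok, reason). The size policy is a floor only: any larger group passes."""
    bits = p.bit_length()  # leading zero bytes in the encoding do not inflate this
    if bits < min_bits:
        return False, f"dh_p is {bits} bits, below the {min_bits}-bit minimum"
    if p % 2 == 0:
        return False, "dh_p is even, cannot be prime"
    if not 1 < g < p - 1:
        return False, "dh_g out of range"
    if not 1 < ys < p - 1:
        return False, "dh_Ys out of range (trivial-subgroup values rejected)"
    return True, f"accepted {bits}-bit DHE group"


def evaluate_server_key_exchange(data: bytes, min_bits: int = MIN_DH_BITS):
    """Client path: parse the server's parameters, then apply the size policy.

    Returns (ok, reason, bits_of_p) so a caller can decide to abort or proceed.
    """
    p, g, ys = parse_server_dh_params(data)
    ok, reason = check_dh_params(p, g, ys, min_bits)
    return ok, reason, p.bit_length()


def constructed_modulus(bits: int) -> int:
    """Constructed odd number of exactly `bits` bits; a stand-in for dh_p, NOT a real prime."""
    return (1 << (bits - 1)) | 0x1235


# Constructed sample messages (assumed values) for three server behaviours from the thread.
SAMPLES = {
    "legacy-1024": encode_server_dh_params(constructed_modulus(1024), 2, 0x1234567),
    "modern-2048": encode_server_dh_params(constructed_modulus(2048), 2, 0x1234567),
    "huge-16000": encode_server_dh_params(constructed_modulus(16000), 2, 0x1234567),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, evaluate_server_key_exchange(msg))
```

With the 2048-bit floor, the legacy 1024-bit message is refused and the client can abort the handshake before sending its ClientKeyExchange, while the 2048-bit and 16000-bit messages are accepted; only the floor is policy, the upper end is left open as the reply asks.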